Version 1
Completed Date: 15th January 2025 – Review Date: 15th January 2026
1. Policy Statement
At beYou, we are committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy outlines our approach to data protection, ensuring that all personal data is handled lawfully, fairly, and transparently.
2. Purpose
The purpose of this policy is to:
- Ensure compliance with GDPR and data protection legislation.
- Outline how we collect, use, store, and protect personal data.
- Inform staff, students, parents, and partners about their rights concerning personal data.
3. Scope
This policy applies to all personal data processed by beYou, including data relating to:
- Students and young people.
- Parents and guardians.
- Staff, contractors, and volunteers.
- Third-party partners and visitors.
4. Key Principles of Data Protection
beYou adheres to the following principles of data protection:
- Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.
- Purpose Limitation: Data will be collected for specified, explicit, and legitimate purposes.
- Data Minimisation: Only the data necessary for the intended purpose will be collected.
- Accuracy: Data will be kept accurate and up to date.
- Storage Limitation: Data will be retained only as long as necessary for the purposes for which it was collected.
- Integrity and Confidentiality: Data will be processed securely to protect against unauthorised access, loss, or damage.
- Accountability: beYou will demonstrate compliance with GDPR requirements.
5. Data Collection and Use
beYou collects personal data for the following purposes:
- To provide educational services to students.
- To manage staff and volunteer records.
- To communicate with parents, guardians, and external partners.
- To comply with legal and regulatory obligations.
Examples of personal data collected include:
- Names, addresses, and contact details.
- Emergency contact information.
- Health and medical information.
- Educational records and progress reports.
6. Data Subject Rights
Individuals have the following rights under GDPR:
- Right to Access: Request access to personal data held by beYou.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of personal data where it is no longer necessary or where consent has been withdrawn.
- Right to Restrict Processing: Request limitations on the processing of personal data.
- Right to Data Portability: Request transfer of personal data to another organisation.
- Right to Object: Object to data processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent for processing personal data at any time.
Requests to exercise these rights should be directed to the Data Protection Officer (DPO).
7. Data Security
beYou implements appropriate technical and organisational measures to protect personal data, including:
- Encryption and secure storage of data.
- Access controls to restrict unauthorised access.
- Regular staff training on data protection and cybersecurity.
- Incident response procedures to manage data breaches.
8. Data Sharing and Third Parties
beYou will only share personal data with third parties when necessary and with appropriate safeguards, such as:
- Sharing student information with schools, local authorities, or safeguarding agencies.
- Engaging third-party service providers under data processing agreements.
Third parties must comply with GDPR and data protection policies.
9. Data Retention
Personal data will be retained in line with beYou’s data retention schedule and deleted securely when no longer required. Retention periods are based on legal, regulatory, and operational requirements.
10. Data Breaches
All data breaches must be reported immediately to the DPO. beYou will:
- Investigate the breach and take appropriate remedial action.
- Notify affected individuals where necessary.
- Report significant breaches to the Information Commissioner’s Office (ICO) within 72 hours.
11. Training and Awareness
All staff and volunteers will receive regular training on GDPR and data protection responsibilities to ensure compliance.
12. Monitoring and Review
This policy will be reviewed annually or following significant changes to legislation or organisational practices. Feedback from staff and stakeholders will inform updates.
13. Contact Information
- Data Protection Officer (DPO): Rob Brown – Managing Director – [email protected]
- Information Commissioner’s Office (ICO): www.ico.org.uk, 0303 123 1113
Approval and Sign-Off
This policy has been approved by the management team and is effective from 15/01/2025.
Signed: Rob Brown, Managing Director
beYou, First Step Sports Group